aboutsummaryrefslogtreecommitdiff
path: root/pyaggr3g470r/controllers/abstract.py
diff options
context:
space:
mode:
Diffstat (limited to 'pyaggr3g470r/controllers/abstract.py')
-rw-r--r--pyaggr3g470r/controllers/abstract.py26
1 files changed, 22 insertions, 4 deletions
diff --git a/pyaggr3g470r/controllers/abstract.py b/pyaggr3g470r/controllers/abstract.py
index c084deb9..f1173817 100644
--- a/pyaggr3g470r/controllers/abstract.py
+++ b/pyaggr3g470r/controllers/abstract.py
@@ -9,11 +9,25 @@ class AbstractController(object):
_db_cls = None # reference to the database class
_user_id_key = 'user_id'
- def __init__(self, user_id):
+ def __init__(self, user_id=None):
+ """User id is a right management mechanism that should be used to
+ filter objects in database on their denormalized "user_id" field
+ (or "id" field for users).
+ Should no user_id be provided, the Controller won't apply any filter
+ allowing for a kind of "super user" mode.
+ """
self.user_id = user_id
def _to_filters(self, **filters):
- if self.user_id:
+ """
+ Will translate filters to sqlalchemy filter.
+ This method will also apply user_id restriction if available.
+
+ each parameters of the function is treated as an equality unless the
+ name of the parameter ends with either "__gt", "__lt", "__ge", "__le",
+ "__ne" or "__in".
+ """
+ if self.user_id is not None:
filters[self._user_id_key] = self.user_id
db_filters = set()
for key, value in filters.items():
@@ -37,17 +51,21 @@ class AbstractController(object):
return self._db_cls.query.filter(*self._to_filters(**filters))
def get(self, **filters):
+ """Will return one single objects corresponding to filters"""
obj = self._get(**filters).first()
if not obj:
raise NotFound({'message': 'No %r (%r)'
% (self._db_cls.__class__.__name__, filters)})
- if getattr(obj, self._user_id_key) != self.user_id:
+ if self.user_id is not None \
+ and getattr(obj, self._user_id_key) != self.user_id:
raise Forbidden({'message': 'No authorized to access %r (%r)'
% (self._db_cls.__class__.__name__, filters)})
return obj
def create(self, **attrs):
- attrs[self._user_id_key] = self.user_id
+ assert self._user_id_key in attrs or self.user_id is not None, \
+ "You must provide user_id one way or another"
+ attrs[self._user_id_key] = self.user_id or attrs.get(self._user_id_key)
obj = self._db_cls(**attrs)
db.session.add(obj)
db.session.commit()
bgstack15